How to remove “Trojan.Win32.Ekstak.amsyz”?

The Trojan.Win32.Ekstak.amsyz is considered dangerous by many security experts. When this infection is active, you may notice unwanted processes in the Task Manager list. In this case, it is advised to scan your computer with GridinSoft Anti-Malware.

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. It allows you to run a complete scan and cure your PC during the trial period.
A 6-day free trial is available.

What can the Trojan.Win32.Ekstak.amsyz virus do?

  • Behavioural detection: Executable code extraction – unpacking
  • Sample contains Overlay data
  • Yara rule detections observed from a process memory dump/dropped files/CAPE
  • Reads data out of its own binary image
  • CAPE extracted potentially suspicious content
  • Drops a binary and executes it
  • The binary contains an unknown PE section name indicative of packing
  • Authenticode signature is invalid
  • Uses Windows utilities for basic functionality
  • Behavioural detection: Transacted Hollowing

How to identify Trojan.Win32.Ekstak.amsyz?

File Info:

name: C2AF47F12283D0DD99FC.mlw
path: /opt/CAPEv2/storage/binaries/08c41a15f9d3e0e43719758d692c5dd06ea768cb80bfe8ac87b22bf4f548bcaa
crc32: F1B2B05F
md5: c2af47f12283d0dd99fcffa6bbea6f10
sha1: 9e81d5c24372775e8565dda62665b4d6478d3149
sha256: 08c41a15f9d3e0e43719758d692c5dd06ea768cb80bfe8ac87b22bf4f548bcaa
sha512: d50a3643799c90bf5af7c5bdf03292dda531e2ff81d72687d9b4ddeab9c31ab3138ddfc71904f36e5a7730bbd1484d966eb41ce5b73b87709d2aa849bec68839
ssdeep: 196608:AEJypmJxYzmHy3oGCDmY94c9wBzP36qixgktUcff746ug9iF5yC:AEycxYUGoGCDmY9CBzPqPxgklf77u6i1
type: PE32 executable (GUI) Intel 80386, for MS Windows
tlsh: T133A6334B41D814F6C5DAF3751FF2CCF22B389F2B68948C4D2E5E2A8AD366D474C28586
sha3_384: f8bd5e6ffa112ce51161692ca089e86216d7937a48c8db7ca6400d6f273aa57db05dc16a0a5ce89ac3fb317e67364870
ep_bytes: 558bec83c4d453565733c08945f08945
timestamp: 1992-06-19 22:22:17

Version Info:

Comments: This installation was built with Inno Setup: http://www.innosetup.com
CompanyName: Achbyte, Inc.
FileDescription: Achbyte Utilities Setup
FileVersion:
InternalName:
OriginalFilename:
ProductName:
ProductVersion:
Translation: 0x0409 0x04e4

Trojan.Win32.Ekstak.amsyz is also known as (vendor: detection name):

McAfee: Artemis!C2AF47F12283
Sangfor: Trojan.Win32.Agent.Vd78
Alibaba: TrojanDropper:Win32/Generic.ac201de0
K7AntiVirus: Trojan ( 005722fe1 )
Cyren: W32/Ekstak.DA.gen!Eldorado
Elastic: malicious (high confidence)
ESET-NOD32: a variant of Win32/TrojanDropper.Agent.SLC
Paloalto: generic.ml
Kaspersky: Trojan.Win32.Ekstak.amsyz
Avast: Win32:Malware-gen
McAfee-GW-Edition: Artemis
Sophos: Mal/Generic-S
GData: Win32.Backdoor.Bodelph.5VJ67S
Jiangmin: Trojan.Ekstak.cbzt
Google: Detected
Avira: TR/Drop.Agent.cxxfa
Microsoft: Trojan:Win32/Wacatac.B!ml
Cynet: Malicious (score: 100)
AhnLab-V3: Trojan/Win.Generic.C5236325
Malwarebytes: Adware.DownloadAssistant
TrendMicro-HouseCall: TROJ_GEN.R002H0CIC22
Fortinet: W32/Agent.SLC!tr
AVG: Win32:Malware-gen

How to remove Trojan.Win32.Ekstak.amsyz?

Trojan.Win32.Ekstak.amsyz removal tool
  • Download and install GridinSoft Anti-Malware.
  • Open GridinSoft Anti-Malware and perform a “Standard scan”.
  • Click “Move to quarantine” for all detected items.
  • Open the “Tools” tab and press “Reset Browser Settings”.
  • Select the proper browser and options, then click “Reset”.
  • Restart your computer.

About the author

Paul Valéry

I'm a cyber security analyst and data science expert with 5+ years of experience with security software contractors.